
<?php
include "inc/data/conn.php";
//1903010328 获取用户信息
// 1903010328 创建参数，提取数值 $变成const
 	$userId = $_POST["userid"];
   	$pard = md5($_POST["password"]);
//1903010328 登录
 //1903010328 学生登录验证
   	if ($_POST["role"] == "student") {
   		$sql = "select stuname,stuid,depname,stupic 
      from mamx_stu,mamx_dep
  		   where stuid = ? and stupa = ?";
   	}else{
       //1903010328老师登录验证
      $sql = "select tename,teid,depname,tepic from mamx_teacher
   where teid = ? and tepa = ?";
   	}
   
//  1903010328 执行预处理
if(!$stmt = $conn->prepare($sql)){
  die("查询失败，请重试");
}
// 1903010328 绑定参数
   $stmt->bind_param("is",$userId,$pard);
// 1903010328 执行查询 
   $stmt->execute();
// 1903010328 绑定结果
   $stmt->bind_result($username,$userId,$depname,$userPic);
//  1903010328 保存结果
   $stmt->store_result();
    if($stmt->fetch()) {
  // 成功
      // 1903010328 通行证变量定义
      session_start();
      $_SESSION["name"] = $username;
      $_SESSION["id"] = $userId;
      $_SESSION["sf"] = $_POST["role"];
      $_SESSION["xy"] = $depname;
      $_SESSION["uPic"] = $userPic;
     echo <<<END
      <script  type="text/javascript">
        alert("$username 欢迎你登录！");
        location="index.php";
       </script>
END;
    }
    else{
     // 失败
    echo <<<END
       <script  type="text/javascript">
        alert("用户名或密码有误");
        location="login.html";
       </script>
END;
 } 
?>